CVE-2019-12838 — SQL Injection in Slurm

Severity

9.8CRITICALNVD

EPSS

3.1%

top 13.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJul 11

Latest updateMay 24

Description

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

▶NVDschedmd/slurm17.11.13.2+2

▶NVDopensuse/leap15.0, 15.1+1

Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 29, 30

GHSA

GHSA-h39m-vmcf-q43p: SchedMD Slurm 17↗2022-05-24

▶

CVEList

CVE-2019-12838: SchedMD Slurm 17↗2019-07-11

▶

OSV

CVE-2019-12838: SchedMD Slurm 17↗2019-07-11

▶

Bugzilla

CVE-2019-12838 slurm: improper escaping of strings in accounting_storage/mysql plugin allowing for an SQL injection [fedora-all]↗2019-08-01

▶

Bugzilla

CVE-2019-12838 slurm: improper escaping of strings in accounting_storage/mysql plugin allowing for an SQL injection↗2019-08-01

▶